Challenge Link: https://tryhackme.com/room/retro

A Kali Linux 2019–1 image was used to perform the task.

The IP address of the remote machine for my session was 10.10.200.145

Enumeration

After kicking off the session you will note that you cannot ping the machine in question.

Running nmap -Pn -sV 10.10.200.145 against the machine returned the following ports open.

We can clearly see a web server and the rdp port (3389) are open for business.

A web server is running on the target. What is the hidden directory which the website lives on?

Let’s fire up dirbuster and give it a wordlist…

Conor Murray

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store